feat: verify unix_users can set shell

3 files changed, 20 insertions, 1 deletions

diff --git a/roles/unix_users/subplot.md b/roles/unix_users/subplot.md
index 9a0356a..c098638 100644
--- a/roles/unix_users/subplot.md
+++ b/roles/unix_users/subplot.md
@@ -2,7 +2,7 @@
 
 This role creates or updates Unix users.
 
-## Create user with unix_users
+## Create normal user with unix_users
 
 ~~~scenario
 given a host running Debian
@@ -11,10 +11,12 @@ when I use role unix_users
 and I use variables from foo.yml
 and I run the playbook
 then the host has user foo
+and the user foo on host has shell /bin/true
 ~~~
 
 ~~~{#foo.yml .file .yaml}
 unix_users:
 - username: foo
   comment: Foo Bar
+  shell: /bin/true
 ~~~
diff --git a/roles/unix_users/subplot.py b/roles/unix_users/subplot.py
index 9b77e49..dc4e9f6 100644
--- a/roles/unix_users/subplot.py
+++ b/roles/unix_users/subplot.py
@@ -1,3 +1,6 @@
+import logging
+
+
 def host_does_not_have_user(ctx, username=None):
     assert_ne = globals()["assert_ne"]
     qemu = ctx["qemu"]
@@ -12,3 +15,14 @@ def host_has_user(ctx, username=None):
     assert_eq(exit, 0)
     output = output.decode("UTF8")
     assert f"\n{username}:" in output
+
+
+def host_user_has_shell(ctx, username=None, shell=None):
+    assert_eq = globals()["assert_eq"]
+    qemu = ctx["qemu"]
+    output, exit = qemu.ssh(["getent", "passwd", username])
+    assert_eq(exit, 0)
+    for line in output.decode("UTF8").splitlines():
+        if line.startswith(f"{username}:"):
+            logging.debug(f"host_user_has_shell: line={line!r}")
+            assert line.endswith(f":{shell}")
diff --git a/roles/unix_users/subplot.yaml b/roles/unix_users/subplot.yaml
index e59c9a0..a0529b2 100644
--- a/roles/unix_users/subplot.yaml
+++ b/roles/unix_users/subplot.yaml
@@ -3,3 +3,6 @@
 
 - then: the host has user {username}
   function: host_has_user
+
+- then: the user {username} on host has shell {shell}
+  function: host_user_has_shell